CVE-2022-43487 — Cross-site Scripting in Salon Booking System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

1.9%

top 16.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Salonbookingsystem Salon Booking System Salon Booking System

Timeline

PublishedDec 5

Description

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDsalonbookingsystem/salon_booking_system< 7.9

▶CVEListV5salon_booking_system/salon_booking_systemversions prior to 7.9

🔴Vulnerability Details

CVEList

CVE-2022-43487: Cross-site scripting vulnerability in Salon booking system versions prior to 7↗2022-12-05

▶

GHSA

GHSA-v7x7-wh72-mxcc: Cross-site scripting vulnerability in Salon booking system versions prior to 7↗2022-12-05

▶